amazon rds – Why is an ephemeral port used when connecting to AWS RDS?

Across multiple AWS accounts, connecting from an EC2 instance in account 1 to an RDS instance in account 2, I got this message in the VPC flow logs:

2 023910321035 eni-12309fdsaj0jf012 ACCOUNT_1_EC2_IP ACCOUNT_2_RDS_IP 45052 31337 6 3 180 1619490209 1619490213 REJECT OK

Port 31337 has not been opened; only the allowed DB port 3306 has. Why did it connect to this unknown port first? How can I diagnose it?
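An added example (not part of the original question) that parses flow log records in the default version-2 format and flags REJECTed flows whose destination port is not one you opened. In a flow log record srcport is the port the connecting side used (an ephemeral port when the EC2 instance is the client) and dstport is the service port the security group evaluated, so the allowlist is applied to dstport. The sample records are constructed; the first one is the record quoted in the question, and NODATA records are skipped because they carry no ports at all.

```python
"""Parse AWS VPC flow log records (default v2 format) and report REJECTed
flows whose destination port is outside an allowlist. Added example; the
sample records below are constructed (the first is the one in the question).
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, List, Optional, Set

# Field order of the default (version 2) flow log record format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")


@dataclass(frozen=True)
class FlowRecord:
    account_id: str
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: Optional[int]
    dstport: Optional[int]
    protocol: Optional[int]
    packets: int
    bytes: int
    start: int
    end: int
    action: str
    log_status: str

    def describe(self) -> str:
        when = datetime.fromtimestamp(self.start, tz=timezone.utc)
        return (f"{when:%Y-%m-%dT%H:%M:%SZ} {self.interface_id} "
                f"{self.srcaddr}:{self.srcport} -> {self.dstaddr}:{self.dstport} "
                f"proto={self.protocol} {self.action}")


def _int_or_none(value: str) -> Optional[int]:
    # NODATA / SKIPDATA records carry '-' where nothing was captured.
    return None if value == "-" else int(value)


def parse_record(line: str) -> FlowRecord:
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    f = dict(zip(FIELDS, parts))
    if f["version"] != "2":
        raise ValueError(f"unsupported flow log version {f['version']!r}")
    return FlowRecord(
        account_id=f["account_id"], interface_id=f["interface_id"],
        srcaddr=f["srcaddr"], dstaddr=f["dstaddr"],
        srcport=_int_or_none(f["srcport"]), dstport=_int_or_none(f["dstport"]),
        protocol=_int_or_none(f["protocol"]),
        packets=_int_or_none(f["packets"]) or 0, bytes=_int_or_none(f["bytes"]) or 0,
        start=int(f["start"]), end=int(f["end"]),
        action=f["action"], log_status=f["log_status"],
    )


def unexpected_rejects(lines: Iterable[str], allowed_dst_ports: Set[int]) -> List[FlowRecord]:
    """Return REJECTed flows whose destination port is not in the allowlist."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec.log_status != "OK":      # nothing captured, so no port to judge
            continue
        if rec.action == "REJECT" and rec.dstport not in allowed_dst_ports:
            findings.append(rec)
    return findings


# Constructed sample: the record from the question, an accepted MySQL flow,
# and a NODATA record (no traffic in that aggregation window).
SAMPLE_LINES = [
    "2 023910321035 eni-12309fdsaj0jf012 ACCOUNT_1_EC2_IP ACCOUNT_2_RDS_IP 45052 31337 6 3 180 1619490209 1619490213 REJECT OK",
    "2 023910321035 eni-12309fdsaj0jf012 ACCOUNT_1_EC2_IP ACCOUNT_2_RDS_IP 45053 3306 6 12 2048 1619490209 1619490213 ACCEPT OK",
    "2 023910321035 eni-12309fdsaj0jf012 - - - - - - - 1619490214 1619490273 - NODATA",
]

if __name__ == "__main__":
    for rec in unexpected_rejects(SAMPLE_LINES, {3306}):
        print("rejected flow to a port outside the allowlist:", rec.describe())
```

Run it against a file of real records with `unexpected_rejects(open(path), {3306})`; the only hit in the sample is the 45052 -> 31337 flow, and widening the allowlist to include 31337 makes it disappear, which is how you can confirm a security group is evaluating the destination port rather than the ephemeral source port.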

oauth2 – REST Services Authentication and Authorization with AWS Cognito

I am designing the authentication and authorization flow of my mobile and web applications. I plan to use the AWS Cognito identity provider.

  1. Use AWS Amplify and sign up the user from the front-end.
    Question: The signup will happen totally independently. My backend (Spring Boot REST services) wouldn't even know about this new user.

  2. Use AWS Amplify and sign in the user from the front-end.
    Question: Is it secure? Anyone can get hold of the access token and refresh token returned by the identity provider (AWS Cognito). Exposing access tokens may not be a great threat; exposing refresh tokens, on the other hand, can lead to serious security leaks. The refresh tokens never expire and can therefore be used for fetching a new set of access and refresh tokens.

If the above points are valid security concerns, should one do the signup and sign-in from the back-end?

  1. Sign up:
    Front-end may call a backend API to sign up a user. Backend in turn calls the identity provider's (Cognito) API to sign up the user.

  2. LOGIN:
    Front-end provides the user credentials and calls a backend API (my Spring REST service). The backend API in turn calls the identity provider's API to fetch the access and refresh tokens. The refresh token is saved in the DB and is used for fetching new access tokens when required. The access token (and not the refresh token) is returned to the front-end for it to pass with every other backend API (my Spring REST service) call.

I could have taken a totally different approach to authentication by running my own authorization server (Spring Authorization Server) in place of an identity provider like AWS Cognito. Below are the main reasons why I am not going in that direction:

  1. Spring Authorization Server is deprecated by the Spring team. The team has started rewriting the whole project, and it is still a work in progress.

  2. Maintaining and securing a custom authorization server may not be a very scalable solution.

  3. Custom user pool management may be a tedious task in terms of securing the user data, data sync, etc.

Am I thinking in the right direction in securing my Spring Boot-based RESTful services? Is AWS Cognito the right choice for this use case? If it is a good fit for my use case, how do I use it in the most secure and scalable manner?

amazon web services – How can I track user requests to my external API on AWS?

I’m a bit of a beginner, but I’m working on creating an external API with AWS SAM (using API Gateway and Lambda), and I want a way to track and monitor usage.

Some options I was considering:

1. Store the requests in a database

Pro: It would allow me to store as much information as I want about the request
Con: I figured this might be too slow to handle a lot of fast requests.

2. Keep count of how often a user makes requests with Redis, but I would also want more information about the requests they make

Pro: I could quickly count user requests
Con: This might limit the amount of information I could store about a user if my key-value pair is user-id: number-of-requests.

3. Use a messaging queue

Pro: I could put request info into a message queue and let another Lambda function put it in a database without slowing down my API’s response time.
Con: This might be overly complex? And I might still have the same issue as option 1, where I would have a bunch of small transactions at once.

Can you suggest an approach or critique any of the options above?

Thanks for your help!

8 – Not able to download json file from AWS S3 bucket

I am trying to download the JSON file from the S3 bucket using the code below.

  use Symfony\Component\HttpFoundation\BinaryFileResponse;

  public function downloadProductSpecFile($spec_file = NULL) {
    $spec_file = 'dev_test.json';
    // AWS S3 file URL (CloudFront signed URL)
    // Example: https://something.cloudfront.net/dev_Airlines.json?Policy=eyJTdGF0dsfgdsfgtt....
    $signed_url = $this->developerResourceServices->getSignedUrl($spec_file);

    $headers = array(
      'Content-Type'        => 'application/json',
      'Content-Disposition' => 'attachment;filename="' . $spec_file . '"');

    // BinaryFileResponse is handed the remote signed URL as if it were a local path.
    return new BinaryFileResponse($signed_url, 200, $headers, true);
  }

but I’m getting the error below:

Symfony\Component\HttpFoundation\File\Exception\FileNotFoundException

I can open the file using the above signed URL without any issues.
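An added example, not code from the question or from any Drupal module: BinaryFileResponse only serves a file on the local filesystem (it wraps the argument in a File object, which raises FileNotFoundException for anything that is not a local path), so an object that only exists behind a signed CloudFront/S3 URL has to be fetched server-side and streamed out. This version keeps the question's `$this->developerResourceServices->getSignedUrl()` call, uses Drupal's Guzzle client from `\Drupal::httpClient()`, and adds a hypothetical allowlist of file names so that the value ending up in the Content-Disposition header is always one you chose.

```php
<?php
// Added example (not the original code). Assumes the getSignedUrl() service
// from the question; the $allowed list is hypothetical.

use GuzzleHttp\Exception\GuzzleException;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
use Symfony\Component\HttpFoundation\StreamedResponse;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

public function downloadProductSpecFile($spec_file = NULL) {
  // Only serve names we expect; the name is also echoed into a response header.
  $allowed = ['dev_test.json', 'dev_Airlines.json'];
  if (!in_array($spec_file, $allowed, TRUE)) {
    throw new NotFoundHttpException();
  }

  // Short-lived signed CloudFront/S3 URL, as in the question.
  $signed_url = $this->developerResourceServices->getSignedUrl($spec_file);

  try {
    // 'stream' => TRUE leaves the body as a stream instead of buffering it in memory.
    $upstream = \Drupal::httpClient()->get($signed_url, [
      'stream' => TRUE,
      'timeout' => 30,
    ]);
  }
  catch (GuzzleException $e) {
    // Expired signature, missing object, or network error: do not leak the URL.
    throw new NotFoundHttpException('Spec file is not available.', $e);
  }

  $body = $upstream->getBody();
  $response = new StreamedResponse(function () use ($body) {
    // Copy the remote object to the client in chunks.
    while (!$body->eof()) {
      echo $body->read(8192);
      flush();
    }
  });

  $response->headers->set('Content-Type', 'application/json');
  $response->headers->set(
    'Content-Disposition',
    $response->headers->makeDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $spec_file)
  );
  return $response;
}
```

If you would rather not proxy the bytes through Drupal at all, the alternative is to redirect the browser to the signed URL; the streaming form above keeps the CloudFront URL out of the client's address bar and lets the controller set its own headers.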

nginx – AWS EC2 t3.xlarge: 4 vCPUs at 25-30%, RAM 646 MB of 16 GB, whole website down, why?

My website went down with at most 800 visitors.
The server is running Ubuntu 18.06 and is a t3.xlarge.

How could it have happened?

The error in sudo tail -n 20 /var/log/nginx/error.log
was:

connect() to unix:/run/php/php7.2-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream

How can I investigate further? Which settings might I need to tune?

Thanks in advance
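An added diagnostic helper, not from the original post: errno 11 (EAGAIN) on connect() to the php-fpm Unix socket means the socket's accept backlog was full because no php-fpm worker was free to accept the connection, so the useful check is to correlate the nginx error above with php-fpm's own "reached max_children" warning and to see when the failures cluster. The two log excerpts are constructed sample data (the nginx line is the one quoted in the question, padded with a normal request context); on the host, point the functions at /var/log/nginx/error.log and /var/log/php7.2-fpm.log.

```sh
#!/bin/sh
# Added example, not from the original post. Sample logs are constructed.
# On the host, also look at:
#   systemctl status php7.2-fpm
#   grep -E '^(pm|listen\.backlog)' /etc/php/7.2/fpm/pool.d/www.conf

# Total nginx failures to reach the php-fpm socket (11 = EAGAIN: backlog full).
count_fpm_socket_errors() {
  grep -c 'failed (11: Resource temporarily unavailable) while connecting to upstream' "$1" || true
}

# Minute with the most such failures, printed as "<count> <date> <hh:mm>".
busiest_minute() {
  awk '/Resource temporarily unavailable/ {
         split($2, t, ":"); key = $1 " " t[1] ":" t[2]; n[key]++
       }
       END { for (k in n) print n[k], k }' "$1" | sort -rn | sed -n 1p
}

# Times php-fpm itself reported that every worker in the pool was busy
# (the message reads "pm.max_children" or "max_children" depending on pm mode).
count_max_children_hits() {
  grep -Ec 'reached (pm\.)?max_children setting' "$1" || true
}

NGINX_SAMPLE=$(mktemp)
FPM_SAMPLE=$(mktemp)

cat > "$NGINX_SAMPLE" <<'EOF'
2021/04/27 10:03:31 [error] 1234#1234: *5678 connect() to unix:/run/php/php7.2-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 203.0.113.5, server: example.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.2-fpm.sock:", host: "example.com"
2021/04/27 10:03:35 [error] 1234#1234: *5680 connect() to unix:/run/php/php7.2-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 203.0.113.6, server: example.com, request: "GET /shop HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.2-fpm.sock:", host: "example.com"
2021/04/27 10:03:40 [error] 1234#1234: *5690 open() "/var/www/html/favicon.ico" failed (2: No such file or directory), client: 203.0.113.7, server: example.com, request: "GET /favicon.ico HTTP/1.1", host: "example.com"
2021/04/27 10:03:52 [error] 1234#1234: *5701 connect() to unix:/run/php/php7.2-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 203.0.113.8, server: example.com, request: "POST /cart HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.2-fpm.sock:", host: "example.com"
2021/04/27 10:04:10 [error] 1234#1234: *5733 connect() to unix:/run/php/php7.2-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 203.0.113.9, server: example.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.2-fpm.sock:", host: "example.com"
EOF

cat > "$FPM_SAMPLE" <<'EOF'
[27-Apr-2021 10:03:30] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[27-Apr-2021 10:03:50] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
EOF

echo "nginx -> php-fpm socket failures: $(count_fpm_socket_errors "$NGINX_SAMPLE")"
echo "busiest minute:                   $(busiest_minute "$NGINX_SAMPLE")"
echo "php-fpm max_children hits:        $(count_max_children_hits "$FPM_SAMPLE")"
```

A max_children count that rises in step with the socket failures says the pool is the bottleneck, not nginx or the instance (which matches the low CPU and memory figures in the question); no max_children warnings at all while the socket errors climb points instead at the socket backlog or at workers stuck waiting on something else.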

amazon web services – How to remove WordPress entirely from my domain name that’s hosted on AWS Route 53

I was contacted by an organization to remove a WordPress site that is hosted on Amazon Web Services (AWS) Route 53. The site is running with an associated EC2 instance, all of which was created by a developer who left the organization. After spending sleepless hours doing technical research, I am a little worried: should I delete the instance that is associated with the site? I want to deploy a new site onto the same domain that is currently being used by the WordPress site.

Any guideline will be highly appreciated.

hosting – How can I view or FTP into my WordPress site hosted on AWS?

If this is the wrong site for this, I apologize. I am not a WordPress developer, but I have a small bit of WP experience.

Does anyone know how I could view the file tree of a WordPress site hosted on AWS? I am trying to migrate a WordPress page for a non-profit from AWS to another hosting service. Unfortunately, the AWS console is clogged with dozens (hundreds?) of non-descriptive product names, and something like viewing your hosted files is not given any intuitive guideposts. I feel like I’m getting warmer with the EC2 console, but I don’t even see an FTP server address.

I would like to FTP into the hosted page, or at the very least, view the hosted files.
Can anyone point me to where these tools are hiding in the AWS console?

Many thanks.